Thomas Raehalme <thomas.raehalme@...> writes:
>
> Hi,
>
> Previously we have used Atlassian Crowd as a source for user data in
> various applications, both in-house built and proprietary such as JIRA
> or Confluence. As we have deployed FreeIPA, I would like to start
> using it as the identity source. Unfortunately using Kerberos is not
> always possible so I am thinking about LDAP which often is an option
> in 3rd party applications.
>
> Anonymous access to the FreeIPA LDAP is enabled by default. Is it
> possible to configure username/password to access the information?
> Currently vSphere has a problem with anonymous access to LDAP not
> working as intended. Of course it would be nice to be able to restrict
> access anyways.
>
> If using FreeIPA LDAP as the identity source, how should
> authentication be handled? Is it possible to read the hash code for
> passwords? Is it possible to authenticate against the LDAP service?
>
> Any advice appreciated!
>
> Best regards,
> Thomas

Hi,

I have just successfully configured confluence and jira to use FreeIPA for its LDAP user directory.

First, create an IPA user group for confluence-users and jira-users using the IPA dashboard. Then add a user to both of these groups.

If you navigate to the confluence and jira dashboards and then in the "User Directories" settings menu add a "Generic Directory Server" and then use the following settings...

Base DN: You can find this in your IPA config.
Additional User DN: cn=users,cn=accounts
Additional Group DN: cn=groups,cn=accounts

LDAP Permissions: Read Only

Advanced Settings - Defaults are fine for this section

User Schema Settings

  User Object Class: inetorgperson
  User Object Filter: (objectclass=inetorgperson)
  User Name Attribute: uid
  User Name RDN Attribute: uid
  User First Name Attribute: givenName
  User Last Name Attribute: sn
  User Display Name Attribute: displayName
  User Email Attribute: mail
  User Password Attribute: userPassword
  User Password Encryption: SHA
  User Unique ID Attribute: ipaUniqueID

Group Schema Settings

  Group Object Class: ipausergroup
  Group Object Filter: (objectclass=ipausergroup)
  Group Name Attribute: cn
  Group Description: description

Membership Schema Settings

  Group Members Attribute: member
  User Membership Attribute: member (This is not used due to the next option)
  Use the User Membership Attribute: (Ensure this is unchecked, it is not supported)

Now save and test using the user who is in the groups created above.

Hope this helps someone.

Dan

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
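
The following is an added example, not part of the thread and not Atlassian's or FreeIPA's code: it models the two lookups the settings above imply (a user search under the Additional User DN, then a group search on the `member` attribute) so the scoping and filter effects can be checked before saving. The base DN `dc=example,dc=com`, all entries, and the function names are constructed for illustration.

```python
# Added illustration: every entry below is constructed sample data.
BASE_DN = "dc=example,dc=com"            # placeholder for the Base DN in your IPA config
USER_DN = "cn=users,cn=accounts"         # Additional User DN (from the post)
GROUP_DN = "cn=groups,cn=accounts"       # Additional Group DN (from the post)
SUFFIX = "," + BASE_DN

ENTRIES = {
    "uid=alice,cn=users,cn=accounts" + SUFFIX: {
        "objectclass": ["inetorgperson"], "uid": ["alice"]},
    "uid=bob,cn=users,cn=accounts" + SUFFIX: {
        "objectclass": ["inetorgperson"], "uid": ["bob"]},
    # Outside the user search base, so never offered as a login.
    "uid=svc,cn=sysaccounts,cn=etc" + SUFFIX: {
        "objectclass": ["inetorgperson"], "uid": ["svc"]},
    "cn=confluence-users,cn=groups,cn=accounts" + SUFFIX: {
        "objectclass": ["ipausergroup"], "cn": ["confluence-users"],
        "member": ["uid=alice,cn=users,cn=accounts" + SUFFIX]},
    "cn=jira-users,cn=groups,cn=accounts" + SUFFIX: {
        "objectclass": ["ipausergroup"], "cn": ["jira-users"],
        "member": ["UID=alice, CN=users, CN=accounts, DC=example, DC=com",
                   "uid=bob,cn=users,cn=accounts" + SUFFIX]},
    # Right container, wrong object class: the group filter drops it.
    "cn=legacy,cn=groups,cn=accounts" + SUFFIX: {
        "objectclass": ["groupofnames"], "cn": ["legacy"],
        "member": ["uid=alice,cn=users,cn=accounts" + SUFFIX]},
}

def norm(value):
    """Simplified DN comparison: lowercase, trim RDNs (ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in value.split(","))

def search(additional_dn, object_class, attr, value):
    """Subtree search under additional_dn + Base DN for object_class and attr=value."""
    base = "," + norm(additional_dn + SUFFIX)
    return [dn for dn, attrs in ENTRIES.items()
            if norm(dn).endswith(base)
            and object_class in attrs["objectclass"]
            and norm(value) in map(norm, attrs.get(attr, []))]

def find_user(username):
    """User lookup: (objectclass=inetorgperson) plus uid=<username>."""
    hits = search(USER_DN, "inetorgperson", "uid", username)
    return hits[0] if len(hits) == 1 else None

def groups_of(username):
    """Membership comes from each group's `member` values, not from the user entry."""
    user_dn = find_user(username)
    if user_dn is None:
        return []
    hits = search(GROUP_DN, "ipausergroup", "member", user_dn)
    return sorted(ENTRIES[dn]["cn"][0] for dn in hits)
```

Accounts outside `cn=users,cn=accounts` and groups without the `ipausergroup` object class never reach the application, which is the access boundary these directory settings define.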
